Home Science & technology Companies in Morocco spend more on cybersecurity as AI creates new risks

Companies in Morocco spend more on cybersecurity as AI creates new risks

Companies in Morocco are taking cybersecurity more seriously than ever, with more money being spent on protecting systems

Companies in Morocco are taking cybersecurity more seriously than ever, with more money being spent on protecting systems and more business leaders getting involved. But many firms are still struggling to keep up with new threats linked to artificial intelligence, cloud computing and future quantum technology.

The findings come from the 2026 AUSIMètre, an annual cybersecurity report published by PwC Morocco and the Association of Information Systems Users in Morocco (AUSIM).

The survey covered 62 organisations, including large companies and SMEs, which made up about two thirds of the sample.

The report found the country’s cybersecurity maturity score rose to 56%, moving from a “developing” level to a “defined” level.

Cybersecurity is also becoming a boardroom issue. Around 74% of senior management teams are now involved in cybersecurity decisions, up from 55% last year.

Spending has increased too. More than half of the organisations surveyed, or 56%, now spend over 5% of their IT budget on cybersecurity. According to the report, that matches international benchmarks.

PwC Morocco and AUSIM said national regulations, including Law 05-20 and guidance from the National Directorate for Information Systems Security (DNSSI), have helped companies strengthen cyber governance and increase investment.

The report also found a wide gap between organisations.

Jamal Basrire, Partner at PwC Morocco, said 37% of companies now form a cyber “elite” that invests heavily in security, while 30% remain vulnerable.

“As attacks become more sophisticated through offensive artificial intelligence, outsourcing services such as Security Operations Centres (SOC) and penetration testing has become essential,” he said.

“You can outsource execution, but never strategic responsibility.”

The report warned that some of the biggest risks are not always easy to spot.

One concern is the rise of “Shadow AI”, where employees use artificial intelligence tools without company approval or oversight. The report says this can expose sensitive business data if organisations do not have clear AI policies.

Cloud computing is another challenge. Many organisations are moving data and services to the cloud without creating formal exit plans that would allow them to recover or move their data if needed.

The report also urged companies to start preparing for quantum computing, which could eventually break today’s encryption methods. It recommends including crypto agility requirements in future technology contracts.

A lack of skilled cybersecurity professionals also remains a major problem, limiting the ability of many organisations to respond to cyber threats.

The report makes three recommendations for business leaders.

It calls for more people from non-technical backgrounds to be trained in cybersecurity, with artificial intelligence helping speed up learning.

It also recommends preparing for the post-quantum era by making future technology investments compatible with new encryption standards.

Finally, it urges companies to introduce clear rules for using artificial intelligence and cloud services, map where these technologies are used and regularly test cloud exit plans.

Exit mobile version